Understanding Spam Rentals & Fraudulent Charges

why this happens with faster online rentals when it becomes easier for good customers to rent online, it also becomes easier for bad actors to try older self storage rental systems usually had 3 to 6 pages creating more friction that extra friction slowed down both real renters and fraud attempts our newer one page checkout makes renting faster and easier, similar to modern ecommerce like shopify this improves conversion rates and helps more real customers complete rentals but less friction also means more spam rentals more bot activity more stolen card attempts more fraudulent charges this is normal across ecommerce most industries deal with this every day the difference is that self storage has traditionally relied on slow, multi step rentals, so many operators are seeing this challenge for the first time the 3 systems involved there are three separate vendors involved in every online rental website platform storagely storagely controls the online rental experience, website flow, and fraud prevention measures before payment is submitted facility management software (fms) examples include sitelink, edge, yardi, monument, cubby, and self storage manager the fms receives the rental details and passes payment requests to the payment processor payment processor / gateway this is where the actual credit card authorization happens this provider determines whether a card is approved, declined, flagged, or potentially fraudulent important storagely does not process credit cards storagely does not run credit cards, approve payments, decline payments, or make fraud decisions we handle the online rental experience and send the payment request through the system here’s how it works storagely (website) → fms → payment processor then the response comes back payment processor → fms → storagely who decides if the card is approved? the payment processor and the renter’s bank make that decision, not storagely they decide if a card is approved declined flagged for fraud blocked for security reasons example “do not honor” if you see a decline message like do not honor this message is coming from the payment processor or the customer’s bank it does not come from storagely it usually means the bank declined the charge but did not give a specific reason important to know the system must try the payment first before a decline code like this can be returned that means the card was submitted for authorization, and the processor or bank made the final decision what storagely already does to reduce fraud we stop a large amount of fraud before it ever reaches your fms here are the protections already in place ip rate limiting limits how often someone can try to rent from the same ip address in a short period of time this helps stop rapid bot attacks more aggressive limits can block more fraud, but if set too high, they can also block real customers ip hard blocking we block known vpns, suspicious traffic, and ip addresses commonly linked to fraud this helps stop repeat bad actors from reaching checkout geographic restrictions (geofencing) optional location based restrictions that control where rentals can come from common approved regions include united states canada guam other approved regions this helps reduce international fraud attempts captcha protection helps stop automated bots from submitting fake rentals email validation we use services like zerobounce to detect fake, disposable, suspicious, or invalid email addresses before a rental is submitted behavioral validation we monitor for unusual patterns in how forms are completed this helps identify bots, scripts, and suspicious activity before checkout is completed for security reasons, we do not publicly share the exact rules behind this system what storagely cannot detect there are important limits to fraud prevention we cannot know if a card is fraudulent before authorization only the payment processor can determine this a card may look valid until an authorization attempt is made that fraud signal comes back from the processor, not from storagely sophisticated fraud can look human modern fraud tools and ai can simulate legitimate browser activity and human behavior this makes some fraud extremely difficult for any platform to detect this is an issue that all e commerce platforms deal with on a daily basis additional protection (with conversion trade offs) while there are more aggressive fraud prevention measures we could implement, each additional layer of security creates a direct tradeoff with conversion rates stronger restrictions often introduce more friction for legitimate customers creating longer checkout times, more verification steps, failed validations, blocked transactions, and increased abandonment during the rental process in self storage, where speed and convenience are major drivers of online rentals, too much friction can significantly reduce completed move ins from real customers the goal is not simply to block every possible fraudulent attempt, but to create the right balance between protection and conversion, stopping bad actors without making it harder for legitimate renters to do business with you what customers should also review fraud prevention is not only a website issue your fms settings and payment processor settings are equally important we strongly recommend reviewing payment processor fraud rules examples avs verification cvv requirements velocity checks address matching high risk transaction flags country restrictions many processors allow stricter fraud screening that may not be enabled by default fms configuration some fms platforms allow additional payment validation settings or approval workflows these should be reviewed with your fms provider if fraud happens, what is next? if a fraudulent rental gets through step 1 contact your fms team they can help reverse the rental and identify what transaction occurred step 2 contact your payment processor they control refunds, chargebacks, and fraud review decisions they can explain processor response codes and card authorization outcomes step 3 contact storagely we can review the following to see if any further improvements can be made rental source ip history fraud patterns additional blocking opportunities geofencing recommendations checkout behavior review final takeaway faster checkout improves rentals but faster checkout also requires stronger fraud management this is not a failure of the website, it is a shared responsibility across website platform fms payment processor the goal is not to eliminate all fraud (which is impossible) the goal is to reduce fraud while still allowing real customers to rent easily that balance is where strong operators win